mirror of
https://github.com/DOI-DO/j40-cejst-2.git
synced 2025-02-22 09:41:26 -08:00
83eb7b0982
Showing obscure vulnerabilities that only exist in the dev setup creates
more noise and means that they just get ignored (because they are
probably low priority). Silencing them means when we get a vulnerable
dependency alert we know to pay attention to it.
Comes from https://github.com/dependabot/dependabot-core/issues/2521 and
501bbef578.
8 lines
157 B
YAML
8 lines
157 B
YAML
version: 2
|
|
updates:
|
|
- package-ecosystem: "npm"
|
|
directory: "/**"
|
|
schedule:
|
|
interval: "daily"
|
|
allow:
|
|
- dependency-type: "production"
|